CVE-2025-2563

Name of the Vulnerable Software and Affected Versions User Registration & Membership WordPress plugin versions prior to 4.1.2

Description The issue concerns a privilege escalation problem in the User Registration & Membership WordPress plugin. This problem allows unauthenticated users to gain admin privileges when the Membership Addon is enabled. The estimated number of potentially affected devices worldwide is not explicitly stated, but it is mentioned that over 70,000 installs are affected. There is no information provided about real-world incidents where this issue was exploited.

Technical details about exploitation include the fact that the plugin does not prevent users from setting their account role when the Membership Addon is enabled. No specific API endpoints, vulnerable parameters, or function names are mentioned in the provided descriptions.

Recommendations To resolve the issue, update the User Registration & Membership WordPress plugin to version 4.1.2 or later. As a temporary workaround, consider disabling the Membership Addon until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.